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(54) Transaction authorization and alert system 

(57) An automated method for alerting a customer 
that a transaction is being initiated and for authorizing 
the transaction based on a confirmation/approval by the 
customer thereto. In accordance with one illustrative 
embodiment, a request to authorize the transaction is 
receh^ed, wherein the request irK:ludes a customer Iden- 
tifier: a determination is made whether to authorize the 
transaction t>ased on the customer identifier; if the de- 
termination is to authorize the transaction, that fact is 
communicated to the customer, a conftrmaVion that the 
transaction shoukf, in fact, be authorized is received 
back from the customer, and the transaction is author- 
ized in response to the customer's confirmation thereof. 
In accordance with another illustrative enrtbodiment, a 
transactk)n initiated by an agent of the customer (/.e., 
the principal) is authorized by the principal when one or 
more threshold parameters that may be pre-defined by 
the principal are exceeded. A preferred method of alert- 
ing the customer and receiving a confirmation to author- 
ize the transaction back from the customer is illustrative- 
ly afforded by conventbnal two-way pagers. 
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Description 

Field of the Invention 

This invention relates to a transaction authorization 
and alerting system, and more particularly to a method 
and apparatus for using a communications system to 
alert an interested party of a recently completed trans- 
action and/or to obtain authorization from the interested 
party for a pending transaction. 

Background of the Invention 

The credit card identrfication numbers assigned to 
credit card customers are presented to many different 
people in a variety of circumstances -- when applying 
for financial services, when concluding purchases in a 
store, and when making purchases over the telephone, 
through the mail, or over e-mail (electronic mail). The 
large number of people that have access to a customer's 
credit card number has frequently led to fraud. The ad- 
vantages of using credit cards, however, are substan- 
tial The customer finds their use advantageous in that 
he or she need not carry cash or write checks. Credit 
card purchases also have advantages to the retailer as 
compared, for example, to payment by check, sirice the 
credit card service provider ensures timely payment to 
the retailer, regardless of when the customer pays the 
balance on the credit card account. However, credit 
cards or credit card numbers are often stolen, and credit 
card numbers are often used over the telephone or 
through the mail without any secure mechanism for con- 
firming the customer's identity. 

Telephone calling card numbers have security prob- 
lems similar to those of credit cards. These numbers are 
often spoken atoud or entered through a touch tone key- 
pad, thereby allowing others the opportunity to record 
them (either electronically or by mere observatbn). and 
to then fraudulently use the numbers. Another common 
source of fraud sterns from authorized usage of a credit 
card or a telephone calling card followed by a customer 
denial that he or she made the purchase or placed the 
call. Thus, simply controlling access to the credit or call- 
ing card number without more may be inadequate. Com- 
puter access to secure databases Is yet another exann- 
ple of a transaction that depends upon private customer 
identifiers (/.a., passwords) which through legator illegal 
channels may become known to others, thereby allow- 
ing unauthorized access to these databases. 

Prior art mechanisms for handling such security 
concerns have nox taken advantage of advances in 
communicatk>ns and computer systems to automate the 
alerting and approval process. Most technk^ues which 
have heretofore attempted to address these security is- 
sues tend to signif icantly increase the complexity of the 
communication protocol. For example, the customer 
may be asked addrtkmal questions (the answers to 
whrch it is expected that only the authorized party wouki 



know), or may be required to provide additional informa- 
tion as a part of each transaction such as a (secret) Per- 
sonal Identification Number (PIN). Moreover, it may be 
required that such PINs be modified on a routine basis 

5 in order to maintain their secrecy. To encourage custom- 
ers to make use of these types of services (e.g., credit 
and calling cards), it has become common to limit the 
liability of the customer while Increasing the liability of 
the service provider (e.g., the credit card vendor or tel- 

10 ephone company). Unfortunately, unauthorized uses 
usually go undetected until a periodic sen/ice report Is 
issued " typically, at the end of a monthly billing cycle 
and bng after the fraud was perpetrated. 

In addition to the above-described security Issues. 

15 one comnrranly desired class of financial transactions in- 
volves a principal who empowers an agent to Initiate and 
complete routine transactions without the principal's 
knowledge or approval. However, the principal often re- 
serves the right to be alerted to. or even to approve, such 

^0 transactions, particularly when they are identifiably non- 
routine or atypical. For example, approval may be re- 
quired when certain threshoki parameters that are as- 
sociated with the transaction (which may, for example, 
be pre-defined by the principal) are exceeded. 

^5 Prior art mechanisms for handling such agent initi- 
ated transactions have also not taken advantage of ad- 
vances in corhmunk:atk)ns and computer systems to au- 
tomate the alerting and approval process, thereby lim- 
iting the scope of applications of such transactions. For 

30 example, a card owner, such as a corporation (parent) 
that provides an employee (young adult) with a credit/ 
debit card to charge business (personal) expenses, typ- 
ically places certain restrictk>ns on the use of the card 
by the cardhoWer to prevent abuses, excesses or fraud. 

55 Those restrictions include, for example, upper limits on 
either the total amount of money that can be charged to 
a commercial credit card, or the number of transactk)ns 
that can be authorized for a credit card number within a 
predetermined perkxJof time. Those restrictions some- 

"to times operate to deny access to credit to a cardhokier 
who is stranded or facing an emergency situation, when 
ironically credit is most needed. This clearly defeats the 
purpose of empowering the empbyee or young adult. 
Yet, oversight of the use of those credit cards by the card 

45 owners is still needed since the card owners are ulti- 
mately financially responsible for the expenses charged 
to those credit cards. This issue takes particular signif- 
icance when one conskJers that merchants concerned 
about lack of legal competency of minors to complete 

50 card transactions have been reluctant to accept debit or 
credit cards as a means of payment from minors. Hence, 
another specific problem of the prior art is lack of a flex- 
ible restrk:tlun mechanism for principals to limit monitor, 
and/or approve use of a card by cardholder for non-iou- 

55 tine commercial transactions. 
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Summary of the Invention 

We have recognized that Ihe atorementioned prob- 
lems result from the inability to quickly and efficiently in- 
form the individual customer (e.g., the account holder 
or the principal) that his or her customer identifier (e.g., 
credit/debit/calling card number, PIN, password, etc. ) 
is being used in a transaction for a particular purpose, 
and the Inability of the customer to respond thereto in 
order to confirm or deny its use. Thus, in accordance 
with certain illustrative embodiments of the present in- 
vention, an automated method for authorizing a trans- 
action is provided in which the customer is informed of 
a pending authorization thereof, and the transaction is 
then authorized only in response to a customer confir- 
mation. In accordance with certain other illustrative em- 
bodiments, the invention provides a method and a sys- 
tem which allow a principal to be automatically alerted 
to, and/or to promptly authorize, an agent-initiated 
transaction which may, for example, be deemed atypical 
based on a pre-stored profile specified by the principal. 

In accordance with one illustrative embodiment, a 
request to authorize a transaction is received, wherein 
the request includes a customer identifier; a determina- 
tion is made whether to authorize the transaction based 
on the customer identifier; if the determination is made 
to authorize the transaction, the pending authorization 
is communicated to the customer; a confirmation that 
the transaction is, In fact, to be authorized is received 
back from the customer; and the transaction is author- 
ized in response to the customer's confirmation thereof. 

One approach to communicating such a determina- 
tion to authorize the transaction and to receive such a 
confirmation to authorize from the customer is illustra- 
tively afforded by conventional two-way pagers. For ex- 
ample, a computer database, charged with the task of 
authorizing a transaction, may signal the customer via 
paging whenever his or her customer identifier is used. 
Ak)ng with this notification, relevant information may be 
displayed on the pager's alphanumeric (or numeric) dis- 
play. The customer may then respond (via the two-way 
pager) by confirming or denying the pending authoriza- 
tion. 

According to one aspect of the invention, exception 
conditions that trigger a customer's alerting or approval 
process may be stored in a profile specified by the cus- 
tomer This profile associates those exception condi- 
tions to a personal communicattons address, such as a 
paging number or a •500* or VOO" prefix telephone 
number at which the customer can be reached. For 
credit/debit and calling card transactions, exception 
conditions may be caused, for example, by a request for 
credit amount (or number of transactions) at>ove thresh- 
old parameters pre-imposed by the card owner for the 
use of the card, or breach of other conditions pre-de- 
fined by the card owner for the use of the card. In ac- 
cordance with the principles of the invention, the card 
owner may elect to simply receive the alert message or 



to authorize/deny the charging of the expenses to the 
card number by transmitting an approval/disapproval 
message to the card issuer as part of the card validatbn 
process. 

5 According to another aspect of the invention, a mer- 
chant may request the approval of a parent or guardian 
to a debit/credit card transact 'ton. such as a stored-value 
smartcard, presented to the merchant by a minor alleg- 
ing to act on behalf of the parent or guardian. In that 

10 case, the card number, or a proxy thereof, may be used 
as a search key to retrieve the parent or guardian's pro- 
file that kientif ies a communk:atk)ns address for the par- 
ent or guardian. The transaction is approved only if an 
authorization message is received from the parent or 

?5 guardian. 

Brief Description of the Drawings 

FIG. 1 is a telecommunicatkjn system arranged In 
accordance with the inventbn to allow a card owner to 
authorize, or to be alerted to transactions charged to the 
card by a cardholder 

FIG. 2 illustrates an exemplary message that Is 
transmitted by an automatic dialing unit at a merchant's 
2S location to a card issuer's validation database. 

FIG. 3 shows an illustrative table that associates 
alerting threshoM parameters to card numbers. 

FIG. 4 shows an illustrative generk: message that 
is transmitted by an automatic dialing unit at a mer- 
30 chant's location to a card owner's communications de- 
vice. 

FIG. 5 shows specific exemplary messages that 
may be transmitted by a card valkiatbn system to a card 
owner's communrcations device. 
35 FIG. 6 is a table that correlates merchant codes to 
types of commercial establishments. 

FIG. .7 shows a flow diagram outlining illustrative 
programmed Instructions executed by different ele- 
ments of the communications system of FIG. 1 to re- 
40 ceive approval for, or to alert a credit card owner to, a 
credit card transaction initiated, by a card holder in ac- 
cordance with certain illustrative embodiments of the 
present inventk)n. 

FIG. 8 is a flow cfiart of illustrath/e programmed in- 
4S structions executed by various components of the com- 
munications system of FIG. 1 to receive approval from 
a parent or a guardian of a mirK>r initiated debit card 
transaction in accordance with a first illustrative enibod- 
iment of the present invention. 
so FIG. 9 shows a flow chart of a credit card purchase 
transaction to whk:h certain illustrative embodiments of 
the present lnvent»n may advantageously be applied. 

FIG. 10 shows a flow chart of an authorizatkxi proc- 
ess in accordance with a second illustrative embodi- 
es ment of the present inventbn. 

FIG. 11 shows a flowchart of an authorizatbn proc- 
ess ki accordance with a third illustrative embodiment 
of the present Inventbn. 
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FIG. 1 2 shows a flow chart of an authorization proc- 
ess in accordance with a fourth illustrative embodiment 
of the present invention. 

FIG. 1 3 shows a flow chart of a credit card purchase 
transaction to which a fifth illustrative emtx)diment of the 
present invention may advantageously be applied. 

FIG. 1 4 shows a flow chart of an authorization proc- 
ess in accordance with a fifth tlluslr ative embodiment of 
the present invention. 

Detailed Description 

Introduction 

Although the principles of the present invention may 
be applied to many domains, the illustrative embodi- 
ments described in detail herein will focus on a credit 
card or debit card purchase transaction. In these em- 
bodiments, a cardholder, who may or may not be the 
customer of the credit or debit card issuer, uses a credit 
or debit card (or a credit card number) to instruct a re- 
tailer (a provider of a product or sen/ice) to charge a 
purchase to the given credit card account or to debit the 
amount of the purchase from the given debit card ac- 
count. The credit or debit card number sen/es as a cus- 
tomer identifier to the credit card service provider (e.g., 
the issuer of the credit card). 

FIG. 1 shows a communications system arranged 
In accordance with certain illustrative embodiments of 
the present invention to implenront the principles there- 
of. The communications system of FIG. 1 includes a 
communications network 102, a validation database 
106 and a paging system network 111. Communicatior^ 
network 102 includes one or a series of interconnected 
communlcatkxis switches arranged to relay to valkiation 
database 106 (via lines 130-1 to 130-N information re- 
ceived from card reader 101 . Specifically, when a credit 
card holder hands a credit card to a merchant to charge 
expenses associated with a transaction, the merchant 
sides the credit card through card reader 101 to read 
the credit card number, for example, off the magnetic 
stripe on the back of the credit card. An automatic dialing 
unit included in card reader 101 dials a telephone 
number associated with a database 106 of the card is- 
suer to validate the card number. In particular, card read- 
er 101 transmits to validation database 106 a validation 
request message that is illustrativety represented in 
FIG. 2. 

Similarly, when the cardhokJer wishes to use a debit 
card such as an Automatic Teller Machine (ATM) card 
as a means of payment for a commercial transaction, 
the merchant enters a special code into card reader 101 
to initiate the alerting and approval process. Thereafter, 
card reader 101 retrieves the debit card number, for ex- 
ample, from the magnetic stripe on the back of the debit 
card before prompting the cardholder for a secret code 
(e.g., a PIN). Card reader 101 then transmits to valida- 
tion database 101 a validation request message that is 



illustrated In FIG. 2. 

The message shown in FIG. 2 includes a card 
number 201 , a requested credit amount 202, a merchant 
code 203. and a validation request 204. When card 

5 number 201 is a debit card number, it also includes the 
PIN entered by the cardholder. Merchant code 203 is a 
field that identifies the type of business from which the 
message associated with the transaction, is transmitted. 
Typically, the merchant code 203 is appended by card 

10 reader 101 after the requested credit amount 202 has 
been entered by the merchant, and the calling card 
number 201 has been retrieved from the magnetic stripe 
on the back of the card. The validatk^n request fteki 204 
stores the code entered by a merchant to receive ap- 

IS proval from the party authorized to give such approval 
tor a debit card transaction. In the case where the card- 
holder is a minor, for example, by requesting approval 
of the transaction from a parent or guardian of the minor 
(i.e., the authorized party), the merchant and the debit 

20 card issuer are assured that the transaction cannot be 
voided by the minor at a later date on the ground that 
the minor lacked legal competency to enter into such 
transaction. 

Upon receiving a validation request message, vali- 

2S datk)n database 1 06 uses card number 201 as a search 
key to perform a table look-up operation for the purpose 
of retrieving the profile associated with the card number. 
When the cardholder is a minor, andthe card is a stored- 
value smartcard, a passphrase or proxy information pro- 

30 vided by the minor may b e used as search key to retrieve 
the profile of FIG. 3. 

Validation database 106 is a processor-controlled 
centralized database facility which is a repository of 
records or profiles for all credit/debit card numbers as- 

35 signed by a card issuer to its customers. Validation da- 
tabase 106 is designed to authorize transactions 
charged to card numbers stored therein. Such authori- 
zation may be based on a set of pre-defined parameters 
included in the profiles associated with the card num- 

40 bers. When a retrieved profile does not include a re- 
quirement for alerting or approval, valkiation of the card 
number may be performed in a conventional manner 
When a prc^ile stores alerting parameters that may re- 
quire communications with one or more called parties. 

4S vatidatbn database 106 uses one of the Automate Di- 
aling Units (ADU) 110-1 to 110-N to dial a telephone 
number retrieved from a profile associated with a card 
number. 

Shown in FIG. 3 is an illustrative table that associ- 
50 ates alerting and approval threshoki parameters to cred- 
it card numbers. Each record in the table of FIG. 3 is a 
profile for a credit card number that is used to determine 
the manner in whbh transactions charged to that credit 
card number are processed. Ihe table of FIG. 3 includes 
55 a cardholder's name field 301 ; a card number field 302; 
alert and authorization flags 303 and 304, respectively; 
a trigger group of fields; a communicatbns address field 
307; a no-answer-credit threshold fiekJ 309; and a rK)- 
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answer-transaction threshold field 310. Cardholder's 
name field 301 stores the name of a card holder asso- 
ciated with a particular card number. The cardholder's 
name field may contain, for example, the first and fast 
name of the cardholder (as shown for the first and third 5 
record) or the first name (or nickname) of the cardholder 
(as shown for the second and fourth record). Credit card 
number 302 is used as a search key in the table lookup 
operation mentioned above, to retrieve the profile asso- 
ciated with that card numt>er. The alert flag field 303 m- io 
dicates that the card owner is to be notified, although 
possibly only under certain conditions. Such notification 
may be required, for example, when processing of the 
transaction would either cause certain conditions pre- 
defined for the use of the card to be breached, or a '5 
threshold parameter to be exceeded. The approval flag 
field 304 alerts the card issuer that credit card transac- 
tions that violate pre-established conditions need to be 
authorized by the card owner as part of the card valida- 
tion process. These pre-established conditions may be 
pre-selected by the card owner or they may be condi- 
tions imposed by the card issuer The trigger group of 
fields depicted in FIG. 3 illustratively shows different pa- 
rameters which cause a card owner to be notified when 
those parameters exceed certain pre-defined thresh- 
olds. The "conditions' field 305 shows restrictions pre- 
selected by the card owners for use of their credit cards. 
For example, the first record indicates that the card own- 
er wishes to be alerted whenever a cardholder charges 
more than one hundred (100) dollars to the credit card 30 
number The third record illustrates that the card owner 
wishes to authorize any credit card transaction for more 
than three hundred dollars. By contrast, the owner of the 
credit card number associated with the third record 
w'^hes to be alerted whenever that card Is used at com- 3S 
merciai establishments associated with specific mer- 
chant codes. Some card issuers assign distinct mer- 
chant codes to commercial establishments, such as 
bars, hotels and liquor stores, thereby aibwing credit 
card transactions at those establishments to be easily 40 
-identified. 

Other restrictions that may be imposed by a card 
owner may include, for example, the "maximum number 
of transactk>r)S' field 306 which defines an upper limit 
oh the number of transactions that can be charged to a ^ 
credit card number within a predetermined period of 
time. For example, the second record indicates that the 
card owner's approval is required to validate a credit 
card transaction when more than three credit card trans- 
actions have already been processed lor that credit card so 
number within a twenty-four (24) hour pericxJ. Such a 
condition may be useful for example, in detecting fraud- 
ulent use of a stolen credit card. When a transaction 
threshold number is used as a parameter for processing 
a credit card transactbn, the transaction counter field ss 
307 is incremented by 1 (one) every time a credit card 
transaction is processed. The transaction counter field 
307 is reset to "0' after the predetermined period (e.g„ 



24 hours) has expired. It will be appreciated that only a 
limited number of restrictions and/or authorizations are 
shown in FIG. 3 for ease of explanatbn, even though 
many other restrictions, obvious to those of ordinary skill 
in the art, may be requested by card owners or card is- 
suers for inclusion in the profile of FIG. 3. 

Whenever a card owner is to be notified of a condi- 
tion-breaching credit card transaction, the communica- 
tions address field 308 may be used to identify a tele- 
phone number or an electronic mail address at which 
the card owner can be reached. Preferably, the commu- 
nications address field stores a pager number associat- 
ed with a communications carrier which provides paging 
service on a natbnwide basis to contact, for example, 
the card owners associated with the first and the fourth 
record. Alternativety, a personal telephone number, 
such as a "500" or a "700" prefix number may be used 
as a reach number for a card owner, such as the card 
owner associated with the second and third record 
shown in FIG. 3. As another alternative, an electronic 
mail address may be used whk:h, in various illustrative 
emk)odiments, may be either an address to which con- 
ventbnal electronic mail may be sent or an electronic 
address for use in other forms of electronic signaling 
such as, for example, a direct message communicated 
to the computer screen of a logged-on user or an inter- 
active etectronk: two-way communk:ation mechanism 
(e.g., a "chat* or "talk* program). 

Also included In the profile of FIG. 3 is no-answer- 
credit threshold field 309 and no-answer-transactkxi 
threshold field 310. Those fields kJentify respectively, 
the maximum amount of credit that can be approved, 
and the maximum number of permissible transactions 
within a given perkxi of time, when the card owner can- 
not be reached by the communications system of FIG. 
1 . When the card owner does not wish any transactions 
to be authorized when he or she cannot be reached, 
then those fiekis are set to zero. 

When the cost associated with the commercial 
transactbn is charged to a debit card, as opposed to a 
credit card, only the card holder's name field 301 , the 
card number field 302 and the communications address 
field 308 are of partk:ular relevance since the request 
for approval is initiated by the merchant and the com- 
nnercial transaction is not completed when the debit card 
holder cannot be reached. 

Referring back to FIG. 1, when a transaction re- 
quest message, such as the one illustrated in FIG. 2, is 
received by validation database 106» the latter uses a) 
the information included in that message, and b) the re- 
trieved profile associated with the card number in that 
message to determine whether at least one card owner 
pre-imposed condition has been breached (or a card 
owner pre-defined threshold has been exceeded). If so, 
validation database 106 fetches the communicdtk>ns 
address of tfie credit card owner and any other appro- 
priate information to format an authorization request 
and/or alert message that is transmitted to the card own- 
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er One such message is illustrated in FIG. 4 which 
shows a card holder's name field 401 , a display tield 402 
and a field 403 that is populated by an entry in the table 
illustrated in FIG. 5. The card holder's name is populated 
by the name that is included in the profile retrieved by 
validation database 106. Field 402 is a display field that 
always contains the two words "Credit Card." Held 403 
is populated by one of the entries in the table of FIG. 5. 

The table of FIG. 5 shows three separate entries 
501, 502 and 503 representing different sections of 
three different messages. Each entry is comprised 
mainly of display information and one field that is popu- 
lated based on the particular condition that has been 
breached or the specific threshold that has been ex- 
ceeded. For example, when the requested credit 
amount for the transaction exceeds the charging limit 
pre-selected by the card owner, field 505 will be popu- 
lated by the difference between the maximum charging 
amount and the requested credit amount. Similarly, 
when validation of a card number for a transactic^ would 
cause the maximum number of transactions per day 
pre-selected by the card owner to be exceeded, the con- 
tent of the transaction counter field is moved ^to field 
506. Likewise, when the card holder attempts to charge 
to a credit card number the expenses related to the pur- 
chase of an item from a commercial establishment that 
is associated with a prohibited merchant code, that code 
is translated to one of the establishment type entries 
shown in the table of FIG. 6. That table correlates each 
merchant code to a parttcuter type of commercial estab- 
lishment. For example, hypothetical merchant code 
1234 is associated with liquor stores, while fictitious 
merchant code 4567 is mapped to hotels and motels. 
Thus, once a merchant code is to a commercial estab- 
lishment type entry, that entry is simply copied to field 
607 of FIG. 5. 

By populating field 403 of FIG. 4 with one of the en- 
tries in FIG- 5, a complete message is formulated for 
transmission to the card owner. Thereafter, validation 
database 106 retrieves the communications address in 
the profile to send to the card owner the message illus- 
trated in FIG. 4 via an idle autoriialic dialing unit selected 
from ADU 110-1 to ADU 110-N. The latter are arranged 
a) to initiate phone calls by dialing telephone numbers 
received from validation database 106 and, b) to bridge 
those calls to other communications devices upon de- 
tecting a feedback signal from the card owner ADU 
110-1 to 110-lsl are also designed to terminate the call if 
no feedback signal is received after a predetermined pe- 
riod of time. 

If the communications address is a personal tele- 
phone nun^er, such as a "500" or "TOO' prefix number 
(shown, for example, in the third record of FIG. 3), then 
database 106 transmits the message illustrated in FIG. 
4 to Interactive N/bice Response System (I VRS) 1 25 be- 
fore sending the communications address of the card 
owner to an idle ADU. Upon receiving the number dialed 
by ADU 110-1. for example, communications network 



102 translates the '500' or "700' prefix telephone 
number to a Plain 0\6 Telephone Service (POTS) tele- 
phone number at which the card owner can be reached. 
When ADU 110-1 detects a feeidback signal from the 

5 card owner, it bridges the call (via line 1 40) to Interactive 
Voice Response System (I VRS) 125 that delivers the 
message of FIG. 4 in audio form to the card owner at 
. telephone set 145, for example. Specifically, IVRS 125 
is a processor that executes text-to-speech synthesis 

'0 programmed instructKins designed to use ASCII input, 
such as one of the messages shown in FIG. 4, to gen- 
erate a "read atoud' audio rendition of that ASCII input 
in a machine synthesized voice. IVRS 125 is also ar- 
ranged to prompt a card owner to provide some input to 

^5 approve or disapprove a particular transaction. For ex- 
ample, a card owner may be prompted to enter a "1 " on 
a telephone dialpad to approve a transaction, or a *2* 
on the dialpad to disapprove the transaction. Also in- 
cluded in IVRS 1 25 is a means to respond to touch-tone 

20 commands from a caller . In particular, IVRS 125 is ar- 
ranged to translate the Dual Tone Multi-Frequency (DT- 
MF) signal received from the card owner to a machine- 
readable format, such as ASCII, that is recognizable by 
validatbn database 106. Attemativety. IVRS 125 may 

2S include a word recognition unit that is arranged to output 
digitally recorded words, such as the messages in FIG. 
5. to prompt a card owner for particular information that 
}s converted to ASCII format for delivery to validatkxi 
database 106. Furthermore, in order to insure that the 

30 person approving the transaction is the card owner, as 
opposed to an impostor, IVRS 1 25 may also include a 
speaker recognition unit that stores templates of pre- 
recorded digitized voice messages of the card owner 
that are compared to any input received from the called 

55 party to certify that the 'real* card owner is the person 
approving the transaction. 

If the communications address is a paging tele- 
phone number, then one of the ADUs 110-1 to 110-N 
dials the paging telephone number to initiate a call to 

^0 that paging telephone number for the purpose of deliv* 
ering one of the messages of FIG. 4 to pager device 1 35 
of the card owner. The call is routed over communca- 
tions network 102 which uses one of the derrKxJulators 
120-1 to 120-N to transform the received message into 

45 proper signaling format for delivery to paging system 
network 111 which may be, for example, a satellite- 
based nationwide paging servk:e network: Alternatively, 
paging system network 111 may be a cellular communi- 
cations network or a Personal Communications Servic- 

50 es (PCS) network. Paging system network 111 includes 
a base station (not shown) that receives the dialed 
number along with the message of FIG. 5. The base sta- 
tion then identifies a particular frequency associated 
with that paging telephone number to code the received 

55 rnessage as a series of pulses represented by a carrier 
that is modulated on that frequency for delivery to pager 
1 35. The latter converts the pulses into a series of bytes 
representing the message of FIG. 5. Thereafter, pager 
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1 35 emits a loud beep to signal the card owner of an 
Incoming message. Alternatively, pager 135 could be a 
vibrating pager which silently alerts the card owner of 
the incoming message through a vibration signal gen- 
erated therein in response to the reception of a mes- 
sage. 

When the incoming message is an alert signal from 
validation database 106; pager 135 can be any commer- 
cially available paging device with a small screen for dis- 
playing the message of FIG. 4. However, if an approval^ 
disapproval response is requested by validation data- 
base 1 06, pager 1 06 may advantageously be a two-way 
paging device, such as the device available from Mobile 
Telecommunications Technology Inc. of Jackson, Mis- 
sissippi. In that case, the card owner transmits an ap- 
proval/disapproval message by entering a pre-defined 
code in the two-way pager. The pre-defined code is then 
transmitted to validation database 106 via paging sys- 
tem network 111. The pre-defined code is received by 
one of the demodulators 120-1 to 120-lsl which demod- 
ulates the signals associated with the received code for 
presentatbn to validation database 106. Altematrvety, 
pager 135 may be a one-way pager. In this case, if an 
approval/disapproval response rs requested by valida- 
tion database 106, the card owner may communicate 
an approval/disapproval message to validation data^ 
base 106 by other means, such as with use of a con- 
ventional telephone, for example. 

A first illustrative embodiment 

FIG. 7 shows a flow diagram in accordance with cer- 
tain illustrative embodiments of the present invention 
outlining programmed instmctions executed by different 
elements of the communications system of FIG. 1 to re- 
ceive an approval from a credit card owner for, or to alert 
a credit card owner of. a credit card transaction initiated 
by a card holder The process shown in FIG. 7 is initiated 
in step 701 when validation database 106 receives a val- 
idation request for a credit card number. As mentioned 
above, the request for approval may be received in the 
fonm of a data message, such as the one illustrated in 
FIG. 2. Upon receiving thecredit card number, validation 
database 106 uses the received credit card nunr^er as 
a search key m an attempt to retrieve a profile for the 
credit card number. If no profile is available in the vali- 
dation database for the credit card number, as deter- 
mined in step 702, validatk>n database returns an 'un- 
authorized transaction* message to card reader 101 via 
communrcations network 102. When validatk>n data- 
base 1 06 Is able to retrieve a profile for the card number, 
the profile is analyzed in step 704 to determine whether 
the requested credit amount or the type of transactbn, 
for example, triggers any alerting or request for approval 
conditions. If no such conditions are triggered, validation 
database 106 proceeds with the validation process in a 
conventional manner. Othenwise, in step 706, valldatbn 
database 106 ascertains whether the card owner is only 



to be alerted when the pre-defined condrtbn is encoun- 
tered. If so, validation database 106 retrieves from the 
profile the card owner's communications address to 
which the alerting message is sent, as indicated in step 

5 707. Thereafter, validation database 1 06 proceeds with 
the validation process In a conventional manner. 

When the profile retrieved by validation database 
1 06 indbates that the card owner is to approve the credit 
card transactbn (such as the one requested by the card 

10 hokier) valkiatbn database 106 formulates a request for 
approval message (using appropriate entries In FIG. 4 
and FIG. 5) for transmissbn to the card owner, as indi- 
cated in step 708. As mentbned above, the request for 
approval message nf\ay be delivered in the form of a tel- 

is ephone call or a paging message. After the transmission 
of the message, validatbn database waits lor a re- 
sponse from the card owner. When valkJation database 
determines, in step 709, that no response is forthcoming 
after a pre-defined period of time has expired, validation 

^0 database 106, In step 711, assesses whether the re- 
quested credit amount exceeds the no-answer-credIt 
threshold. As indicated earlier, the no answer-credit 
threshold is a field in the profile for a card number which 
stores the maximum amount of credit that can be ap- 

^5 proved for a credit card transaction when the credit card 
owner cannot be reached by the communbations sys- 
tern of FIG. 1 . If the requested credit amount exceeds 
the no-answer-credrl threshold, as determined in step 
711, then validation database 106 returns an 'unauthor- 

30 Ized transactbn* message to card reader 1 01 . If the re- 
quested credit anrK)unt does not exceed the no-answer- 
credit threshold, the content of the transactbn counter 
field in the profile is compared to the no-answer-lrans- 
action threshold to determine whether this threshold has 

35 been exceeded. If so, validation database 106 returns 
an invalid card message to card reader 1 01 , as indicated 
In step 705. If neither of the no-answer-thresholds has 
been exceeded, validation database 106 completes the 
validatbn process in a conventbnal manner, as mdicat- 

40 ed in step 703. 

When validation database 106 receives a response 
from the card owner within a pre-defined period of time, 
as determined in step 709, valkiatbn database 1 06 then 
assesses whether the response indbates approval of 

45 the transactbn by the card owner. If so, validatbn data- 
base completes the validation process in a conventional 
manner, as indicated In step 705. Optionally, the card- 
hoMer may be required to provide a secret code thai 
matches a similar code included in the response re- 

50 ceived from the card owner before the transaction is au- 
thorized. If a disapproval response Is received from the 
card owner, validatbn database 106 retums an "unau- 
thorized transaction' message to card reader 101. 
FIG. 8 is a flow chart outlining instructions per- 

55 formed by the elements of the illustrative communba- 
tlons system of FIG. 1 to validate a debit card transaction 
in accordance with a first illustrative embodiment of the 
present invention. The process depbted in FIG. 8 is in- 
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Itiated in step 801 when validation database 106 re- 
ceives a debit card number and a password entered by 
a minor card holder. Validation database 106 launches 
a query on its storage devices to determine, in step 802, 
whether a profile can be retrieved for the received card 
number. It no profile is found, validation database 106 
transmits an 'unaulhiorized transaction" message to 
card reader 101, as indicated in step 803. Upon retriev- 
ing a profile for the card number, validation database 
106 formulates a message using one of the entries of 
FIG. 4 for transmission to the card owner. Thereafter, 
validation database 106 waits a pre-defined amount of 
time to determine whether a response is received from 
the card owner jf the pre-defined amount of time expires 
before a response is received from the card owner, val- 
idation database 106 returns an 'unauthorized transac- 
tion' message to card reader 101. as indicated in step 
803. When a response indicative of the card owner's ap- 
proval of the transaction is received from the card owner, 
as determined in step 806, validation database 106 pro- 
ceeds with the validation process in a conventional man- 
ner, as indicated in step 807. If the card owner sends a 
message disapproving the debit card transaction, vali- 
dation database 106 sends an 'unauthorized transac- 
tion* message to card issuer 101, as indicated in step 
803. 

in other illustrative embodiments of the present in- 
vention, the authorization of a transaction may need to 
be approved by more than one party. For example, if the 
charge account is a corporate account and the amount 
of the charge is over a certain predefined threshold, it 
may be required that two authorized parties (e.g., cor- 
porate executives) approve the transaction. This is anal- 
ogous, for example, to the common requirement that 
corporate checks over a certain amount (e.g., $1,000) 
include two authorized signatures to be valid. Similarly, 
if the transaction involves, for example, the dispensing 
of medications in a hospital (see below), it may be de- 
sirable that both the patient's doctor and the hospital's 
pharmacist approve the treatment. In these cases, step 
806 of FIG. 8 is modified to determine whether all parties 
which are required to approve the transaction have done 
so. 

A second illustrative embodiment 

FIG. 9 shows a flow chart of a credit card purchase 
transaction to which certain illustrative embodiments of 
the present invention may advantageously be applied. 
The transaction is initiated by a cardholder (i.e., the cus- 
tomer) who instructs a retailer to charge a purchase to 
a given credit card account {step 11). This instruction 
usually takes the form of provkiing a credit card or a 
credit card number to the retailer. This transaction may 
occur with the customer and the retailer co-present and 
in real-time, while the customer is waiting. In this case, 
the timeliness with whbh the authorization process is 
completed is clearly of great Importance, since the rel- 



evant parlies are awaiting such authorizatbn before 
they may proceed with other endeavors. (For example, 
they may be waiting so that the retailer may hand over 
the goods to the customer or provide a sen/ice thereto.) 

5 Thus, the communicatbn to the customer and a confir- 
matbn or denial of authorization by the customer should 
advantageously occur quickly. For this reason, the use 
of two-way pagers is preferred for this type of application 
of the prirtcipals of the present inventbn. 

10 In alternative applications, the customer may have 
instructed the retailer (or an agent of the retailer) in per- 
son or via some communk:atk)n mechanism (e.g., a 
phone, mail, facsimile or electronic mail) at a time prk>r 
to the initiation of the transactbn. Such instructbns 
might cover an immediate one-time purchase, a future 
purchase (e.g., the goods or service may not be imme- 
diately available) or a series of purchases to occur over 
a period of time. In cases such as these where the cus- 
tomer and the retailer are not co-present, the parties 

20 most typically do not require the authorization to be com- 
pleted before they may proceed with other endeavors. 
That is. it may be acceptable in these cases that the au- 
thorization process be completed over a longer perkxf 
of time such as, for example, several hours or even a 

25 day. In these cases, therefore, other less immediate 
communications mechanisms may be used, such as 
those provided by conventional telephones, e-mail. or. 
in some circumstances, even physk:al mail. 

In any event, the retailer's typk;al response to such 

30 instructions is to signal a transactbn processing center 
(or a network of such centers) which is associated with 
the credit card service provider that a particular custom- 
er (kJentified by his or her credit card number) wishes to 
purchase goods or services of a partk;ular value. Thus, 

35 the retailer requests an authorization for the charge from 
the transactbn processing center (step 12). Typically, 
this request is initiated by swiping the credit card through 
an automated card reader (such as card reader 101 of 
FIG. 1) whbh reads the magnetic stripe on the credit 
card, dials the transaction processing center, sends the 
relevant information thereto and receives either an au- 
thorizatbn code or a denial in response therefrom. The 
informatkm transmitted to the transactbn processing 
center typically includes the credit card number, the 

45 arTKHint ol the contemplated purchase, and the retailer's 
store identification code (e.g., card number 201, re- 
quested credit amount 202, and merchant code 203 of 
FIG. 2, respectively). The retailer then waits for an au- 
thorization from the transactk)n processing center which 

50 represents that the charge will be underwritten (i. e., in- 
sured) by the credit card service provider. This authori- 
zation is typically sent to the retailer in the form of an 
authorizatkHi code which kJentifies the transactbn and 
can thereby be used to verify that the authorization prbc- 

55 ess was properly adhered to by the retailer. One typteal 
reason lor denial, on the other hand, is that the balance 
on the customer's account has exceeded (or, if the given 
purchase were authorized wouki exceed) a predeter- 
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mined credit limit associated with the customer's ac- 
count. In accordance with certain illustrative embodi- 
ments of present invention, another reason lor denial is 
the lack of the receipt of an appropriate contirnnatlon (or 
the receipt of an explicit denial) by the customer whose 
account is to be charged. 

At the transaction processing center, the authoriza- 
tion process is performed automatically by a computer 
based system comprising, inter alia, a database (e.g., 
validation database 106 of FIG. 1) containing account 
information for each credit card subscriber (step 13). 
That is, such a system automatically makes the decision 
whether to authorize or deny the transaction .— no hu- 
man intervention is typically required at the transaction 
processing center. If the transaction is authorized (de- 
cision 14), as is typically indicated by the appearance of 
the authorization code on the display of the retailer's 
card reader, the retailer is thereby authorized by the 
credit card issuer to accept the charge tor the purchase. 
Thus, the charge is accepted and the transaction is com- 
pleted (step 15). If, on the other hand the transaction is 
denied by the transaction processing center (typically 
indicated by the appearance of a denial code on the card 
reader's display), the retailer denies the charge and ter- 
minates the transaction (step 16). 

FIG. 10 shows a flow chart of an automated author- 
ization process which may be used to implement step 
1 3 of the process of FIG. 9 in accordance with a second 
illustrative embodiment of the present invention. The 
process of FIG. 10 is illustratively executed by a com- 
puter system at the transaction processing center in re- 
sponse tp each received request for the authorization of 
a transactkx). The received authorization request (typi- 
cally transmitted by an automated card reader at the re- 
tailer's location such as card reader 101 of FIG. 1) in- 
cludes, in particular, a customer identifier (i.e., the credit 
card number) and may, for example, also Include the 
amount of the proposed purchase and the retailer's 
store identffk:ation code (step 20). Based on the cus- 
tomer identifier, a database (such as validation data- 
base 106 of FIG. 1) is consulted to determine whether 
the transaction should be authorized (steps 21 and 22). 
For example, the database may include account bal- 
ance and credit limit information irKik:attng that the cus- 
tomer's account balance ts not permitted to exceed a 
given credit limit. In such a case, the system will deter- 
mine that the transaction shouki not be authorized if the 
sum of the account balance and the amount of the pur- 
chase to be authorized exceeds the credit limit. In addi- 
tion, invalid or (known to be) stolen credit cards obvi- 
ously should not be authorized. 

If it is determined from the analysis of step 22 that 
the purchase should not be authorized for some reason 
(decision 23), the system will format a denial code (step 
24). If, on the other hand, there is no basis for denying 
the transaction, the system will, in accordarrce with the 
principles of the present inventkxn, make an attempt to 
have the (tentative) authorization confirmed by the cus^ 



tomer. In particular, and in accordance with a second 
illustrative embodiment thereof, the system will auto- 
matically page the customer (using, for example pager 
135 of FIG. 1), supplying to him or her any relevant in- 

5 fonmation concerning the purchase (step 25). For exam- 
ple, the system might supply the customer with an iden- 
tity of the retailer and/or the amount of the purchase, in 
order to enable the customer to more accurately ensure 
that the transactbn to be authorized is. in fact, the one 

10 he or she is presently undertaking, or, aitematrvely, that 
the transaction is one being undertaken by an agent and 
the principal (i.e., the customer) approves thereof. The 
customer's pager number (i.e„ the telephone number 
which is used to communicate with the pager) may. for 

15 example, be stored in the datat>ase and associated with 
the customer's account, as is shown in FIG. 3. 

Once the customer has been paged, the system of 
the second illustrative embodiment waits for a confirma- 
tion from the customer which may be supplied with use 

^ of the customer's two-way pager (step 26). If the cus- 
tomer responds with an appropriate confirmation (deci- 
sion 27), the system generates, formats and stores an 
authorizatbn code which will enable the transaction to 
be completed. If, on the other hand, the customer does 

^5 not confirm the transaction (e.g., if no response Is re- 
ceived from the customer within a predetermined 
amount of time), the system formats a denial code (step 
24). After either a denial code or an authorization code 
has been formatted, it is sent to the retailer ^e.g.., tocard 

30 reader 101 of FIG. 1) who originally submitted the au- 
thorization request (step 29). 

A Third Illustrative Embodiment 

55 FIG. 11 shows a flow chart of an automated author- 
ization process which may be used to implement step 
13 of the process of FIG. 1 in accordance with a third 
Illustrative embodiment of the present invention. As can 
be seen from the figure, the illustrative process of FIG. 

40 11 is identk^al to the illustrative process shown In FIG. 
10 except that decision 27, which determined whether 
a confirmatbn was received from the customer is re- 
placed by decision 30. whk:h determines whether a de* 
nial is received from the customer. Other embodiments' 

45 of the present invention may combine those shown in 
FIG. 10 and FIG. 11 by accepting either a confi rotation 
or a denial from the customer. In such a case, the default 
(i.e., timeout) criterk>n may be either an assumed con- 
firmation or an assumed denial. 

so 

A Fourth lllustrathfe Embodiment 

FIG. 12 shows a flowchart of an authorization proc- 
ess whk:h may be used to implement step 1 3 of the proe- 
ms ess of FIG . 9 In accordance with a f ou rth illustrative em- 
txxJiment of the present invention. This fourth embodi- 
ment may advantageously be empbyed when the cus- 
tomer has only a one-way (as opposed to a two-way) 
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pager, since It allows for the customer's confirmation to 
be communicated Indirectly through the retailer. Specif- 
ically, the illustrative process of FIG. 12 is identical to 
that of the illustrative embodiment of FIG. 10 and FIG. 
1 1 except in the mechanism by which the customer con- 
firmation is requested and received. 

In particular, when decision 23 determines that it is 
okay to authorize the transaction, the illustrative system 
of this fourth embodiment generates a confirmation 
code and supplies that code to the customer via his or 
her (one-way) pager (steps 41 and 42). The supplied 
confirmation code may, for example, be randomly gen- 
erated so as not to be predictable. In this manner, the 
confirmation code will be known only to the customer 
(and not, for example, to a fraudulent user of the cus- 
tomer's credit card number who is not in possession of 
the customer's pager). The confirmation code may then 
be used to indirectly confirm the authorization. For ex- 
ample, where the customer is making a face-to-face pur- 
chase in a store, the customer may provide the confir- 
mation code supplied by the transaction processing 
center to the retailer, who may, in tum, provide that con- 
firmation code back to the transaction processing cent- 
er This latter step may be performed, for example, with 
use of the automated card reader which is already in 
communication with the transaction processing center. 

Thus, after the illustrative process of FIG. 12 has 
supplied the confirmation code to the customer, step 43 
waits for a responsive input which includes a (return) 
confirmation code (e,g., from the automated card read- 
er). Then, the confirmation code which was supplied for 
the given transaction is compared to the confirmation 
code that was received (decision 44) to ensure that the 
customer is, in fact, provkJing a proper confirmation 
the authorization. If the supplied confirmation code 
matches the received confirnnation code, the system au- 
thorizes the transaction (steps 28 and 29). If they do not 
match, or if the system receives no resF)onsive confir- 
mation code after a predetermined amount of time has 
elapsed, the transactbn is denied (steps 24 and 29). 

A Fifth Illustrative EmbodlnDont 

FIG. 1 3 shows a flow chart of a credit card purchase 
transaction to whbh a fifth illustrative embodiment of the 
present invention may advantageously be applied. This 
fifth embodiment eliminates the need for performing 
multiple communications at the time of purchase. That 
Is, the extra time that may otherwise be required to page 
the customer and receive a confirmatbn or denial of the 
pending authorization are not needed when this fifth il- 
lustrative embodiment is empbyed. 

Prior to the initiation of the transaction itself, the cus- 
tomer requests and receives a confirmatkxn code for use 
in a specifically identified subsequent transaction (steps 
51 and 52). This confirmation code, which may, for ex- 
ample, be randomly generated, will be known only to the 
customer who nntends to execute the specific transac- 



tion (e.g., make a particular purchase), or, alternatively, 
to an agent of the customer (i.e., \he principal) to whom 
the customer has communicated the given confirmation 
code. The specific transaction may, for example, be 
s klentified based on the retailer's store identification code 
(such as merchant code 203 of FIG. 2) or other kfenti- 
fying indicia of the retailer. Then, when the purchase is 
initiated, the customer (or the principal's informed 
agent) provides the previously received confirmation 
10 code to the retailer, who, in turn, provkies the confirma- 
tion code to the transaction processing center which 
performs the automated authorizatbn process (steps 
53-55). The automated authprization system can then 
use the received confirmatbn code in a manner similar 
IS to that of the fourth illustrative embodiment shown in 
FIG. 12 for purposes of confirming an authorization of 
the transaction. Note that since the two-way communi- 
cation process of steps 51 and 52 need not occur at the 
time (or at the locatk>n) of the purchase but. rather, may 
20 precede the transaction by a substantial amount of time, 
a wide variety of communbatbns devices (in addition to 
one-way or two-way pagers) may advantageously be 
used in realizing the fifth illustrative embodiment. 

FIG. 14 shows a flow chart of an automated author- 
25 ization process which may be used to implement step 
55 of the process of FIG. 1 3 in accordance with the fifth 
illustrative embodiment of the present invention. As de- 
scribed above, upon the receipt of a customer's request 
for a confirmation code to be used \n executing a specific 
30 (future) transaction, the illustrative authorization system 
generates and supplies a confirmation code to the cus- 
tomer. In addition to its be'mg supplied to the customer, 
however, this confirmation code is associated with the 
customer kfentifier and, for example, the retailer store 
kfentification code, and this data is then stored in the 
transactbn processing center database (e.g., validation 
database 106 of FIG. 1) for later retrieval - that is, when 
the identified transaction is actually executed. Thus, up- 
on a request for authorization of the given transaction, 
40 the illustrative process of FIG. 1 4 retrieves the previous- 
ly supplied confirmation code from the database based 
on the customer identifier and the retailer store identifi- 
cation code (steps 61 and 62). Then, after it Is deter- 
mined that the transactkm shouki (otherwise) be author- 
45 ized, the system verifies that the confirnnatbn code re- 
ceived with the request for authorization matches the 
confirmatk)n code previously supplied to the customer 
(decision 63). If they do in fact match, the authorizatk)n 
may be confirmed (steps 28 and 29). 

so 

A Sixth Illustrative Embodiment 

In accordance with a sixth illustrative embodiment 
of the present tnventkxi, a confirmation code may be 
ss provkJed to a customer without the customer making a 
specific request therefor. This embodiment may be ad- 
vantageously applied to a credit card purchase transac- 
tion in a similar manner to the fifth illustrative embodi- 
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ment described above. In particular, the flow chart 
shown in FIG. 1 3 may be modified by removing step 51 
therefrom Then, instead of the customer requesting and 
receiving a confirmation code for use in a specifically 
identified subsequent transaction, the customer (auto- 
matically) receives a new confirmation after each trans- 
action and/or periodically (e g., each morning) lor use 
in his or her next transaction. By limiting the use of the 
given confirmation code to, for example, a single trans- 
action, the advantages of the present invention in pro- 
tecting against fraudulent transactions is obtained, while 
no direct communication from the customer to the trans- 
action processing center is required. Thus, for example, 
as in the case of the fourth and fifth illustrative embod- 
iments, one-way pagers may advantageously be used. 
Moreover, the use of a confirmation code which does 
not match the last previously supplied confirmation code 
but, rather, matches one used in a previous transaction 
may well be indicative of fraud. 

Although a number of specific embodiments of this 
invention have been shown and described herein, it is 
to be understood that these ennbodiments are merely 
illustrative of the many possible specrTic arrangements 
which can be devised in application of the principles of 
the invention. Numerous and varied other arrangements 
can be devised In accordance with these principles by 
those of ordinary skill in the art without departing from 
the spirit and scope of the invention. For example, al- 
though the embodiments described above have fo- 
cused on a credit card purchase transaction, it will be 
obvious to those of ordinary skill in the art that the prin- 
ciples of the present invention may be applied to a wide 
variety of transactions including, but not limited to, tele- 
phone calling card transactions, banking transactions 
including those using PINs, stock and commodity trad- 
ing transactions, and secure access transactions such 
as computer access transactions based on computer 
passwords. In additk>n, the principals of the present in- 
vention may be applied to numerous other types of se- 
cure access transactions such as physical access (i.e., 
entry) transact»ns including those used for purposes of 
inventory control. For example, an entry door to a secure 
room (e.g., a hospital's medk:ation room) or to a secure 
facility may be locked by an electronic kx:king system 
(e.g., combination keypad or card access entiy) which 
is electronically linked to a central facility such as the 
transaction processing center described above. Then, 
any attempt to enter the room or facility may be made 
subject toconfirmatk>n on accordance with the principals 
of the present invention. 

In addition, although the above embodiments fo- 
cused primarily on communication via wireless paging 
devices (e.9., one-way or two-way pagers), it will be ob- 
vious to those skilled in the art that many other commu- 
nicatk)ns mechanisms may be used instead of. or in ad- 
dition to, wireless paging devices. These mechanisms 
include, for example, cellular telephones, conventbnal 
wired telephones, personal computers, etc. 



Claims 

1 . An automated method for authorizing a transactbn, 
said transaction'based on a customer identifier as- 

5 sociated with a customer, the method comprising 
the steps of: 

receiving a request to authorize said transac- 
tion, said request including said customer iden- 

10 : tifier; 

determining, in response to said request and 
based on said customer identifier, whether to 
authorize said transaction; 
if said determining step determines that said 

IS transaction is to be authorized, communrcating 

said determination to said customer; 
receiving a communication from said customer 
confirming that said customer consents to saki 
transaction being authorized; and 

20 authorizing said transaction in response to sa ki 

communrcation received from said customer. 

2. An automated method for authoriZHig a transaction, 
said transaction based on a customer identifier as- 

2S sociated with a customer, the method comprising 
the steps of: 

receiving a request to authorize sakJ transac- 
tion, said request including said customer iden- 

30 tifier, 

determining, in response to said request and 
based on said customer identifier, whether to 
authorize said transaction; 
If said determining step determines th^t said 

35 transaction is to be authorized, communfcating 

said determination to said customer; and deter- 
mining whether a communicatwn indicating 
that said transaction is not to be authorized is 
received within a given amount of time from 

40 said customer; and 

authorizing saki transaction "if saidcommunrca- 
tion from said customer is not received within 
said given amount of time. 

45 3. The method of claim I or 2 wherein said step of com- 
municating said determinatton to saki customer 
comprises transmitting signals representative of 
said determination to a wireless telecommunk:a- 
tior^ receiver. 

50 

4. The method of claim 3 wherein said wireless tele- 
communicatkjns receiver comprises a display and 
wherein said step of communicating saki determi- 
nation to saki customer comprises communk:ating 
ss said customer identifier to said cuS:tomer. 

. 5. The method of claim 3 wherein said wireless tele- 
communk:atk)ns receiver comprises a display and 
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wherein said step of communicating said determi- 
nation to said customer comprises communicating 
an kientity of said provider to said customer 

6. The method of claim 3 wherein said wireless tele- 
communications receiver comprises a two-way 
pager and wherein said communication from said 
customer confirming that said customer consents 
to said transaction l>eing authorized is transmitted 
by said customer with use of said two-way pager. 

7. An autorriated method for authorizing a transaction, 
said transaction based on a customer identifier as- 
sociated with a customer, the method comprising 
the steps of: 

communicating to said customer a confirmation 
code for use in executing said transaction; 
receiving a request to authorize said transac- 
tion, said request including said customer iden- 
tifier and said confirmation code; 
determining, in response to said request, based 
on said customer identifier, and based on 
whether said received confirmation code 
matches said confirmation code communicated 
to said customer, whether to authorize said 
transaction; 

authorizing said transaction if said determining 
step determines that said transaction is to be 
authorized. 

8. The method of claim 7 wherein said step of corrimu- 
nicating to said customer a confirmation code for 
use in executing said transaction is performed in re- 
sponse to receiving a communication from said cus- 
tomer indicating that said customer desires to exe- 
cute said transaction. 



to said customer a confirmation code for use in 
completing execution of said transaction; 
receiving a communication comprising said 
confirmation code; and 
s authorizing said t ransaction in response to sa id 

received confirmation code matching said con- 
firmation code communicated to said customer 

11. The method of claim 7 or 10 wherein sard step of 
10 communicating to said customer said confirmation 

code comprises encoding said confirmation code to 
provide a secure communication thereof. 

12. The method of claim 1 » 2, 7 or 10 wherein said trans- 
15 action comprises a sales transaction and wherein 

said customer identifier comprises a credit card 
number 

1 3. The method of claim 1 , 2, 7 or 10 wherein said trans- 
20 action comprises placing a telephone call and 

wherein said customer identifier comprises a tele- 
phone calling card nurnber 

1 4. The method of claim 1 , 2, 7 or 1 0 wherein said trans- 
25 action comprises a banking transactbn and where- 
in said customer identifier comprises a bank card 
number. 

15. The method of claim 1 , 2, 7 or 10 wherein said cus- 
30 lomer identifier comprises a Personal Identification 

Number 

16. The method of ctaim 7 or 10. wherein said step of 
communicating said confirmation code to sakJ cus- 

55 tomer comprises transmitting a signal representa- 
tive of said confirmation code to a wireless telecom- 
munications receiver 



9. The method of claim 7 further comprising the step 
of communk:ating a second confirmation code to 
said customer after authorizing said transaction, 
said second confirmation code for use in executing 
a $ecor)d transactbn subsequent to sakS transac- 
im and being different from said confirmatbn code. 

1 0. An automated method for authorizing a transaction, 
said transaction based on a customer identifier as- 
sociated with a customer, the method comprising 
the steps of: 



17. The method of claim 3 or 16 wherein said wireless 
40 telecommunications receiver comprises a pager 

18. An automated system for use in authorizing a trans^ 
action, sak) transactbn based on a customer iden- 
tifier associated with a customer, the system com- 

45 prising: 

a receiver adapted to receive a request to au- 
thorize said transactbn, said request including 
said customer identifier; 
means for determining, in response to said re- 
quest and based on said customer kJentifier, 
whether to authorize said transaction; 
a transmitter adapted to communicate said de- 
tenminatbn to said customer if sab means for 
determining determines that said transaction is 
to be authorized; 

a receiver adapted to receive a communication 
from said customer confinnning that said cus- 



receiving a request to authorize said transac- 
tion, sab request including said customer iden- 
tifier; 

determining, in response to sab request and 
based on sab customer identifier, whether to 55 
authorize sab transactbn; 
if sard determining step determines that said 
transaction is to be authorized, communk:ating 
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tomer consents to said transaction being au- 
thorized; and 

means for autliorizing said transaction in re- 
sponse to said communication received trom 
said customer. 

1 9. An automated system for use in authorizing a trans- 
action, said transaction based on a customer Iden- 
tifier associated with a customer, the system com- 
prising: 

a receiver adapted to receive a request to au- 
thorize said transaction, said request Including 
said customer identifier, 
means for determining, in response to said re- 
quest and based on said customer identifier, 
whether to authorize said transaction; 
a transmitter adapted to communicate said de- 
termination to said customer if said means for 
determining determines that said transaction is 
to be authorized; 

a timer adapted to determine whether a com- 
munication indicating that said transaction is 
not to be authorized is received within a given 
amount of time from said customer; and 
means for authorizing said transaction If said 
communication from said customer is not re- 
ceived within said given arTx>unt of time. 

20. An automated system for use in authorizing a trans- 
action, said transaction based on a customer Iden- 
tifier associated with a customer, the system com- 
prising: 

a receiver adapted to receive a communication 
from said customer indicating that said custom- 
er desires to execute said transaction; 
a transmitter adapted to communicate to sard 
customer a confirmation code for use In execut- 
ing said transaction; 

a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said customer identifier and said confirmation 

code; 

means for determining, in response to said re- 
quest, based on said customer identifier, and 
based on whether said received confirmation 
code matches said conf Imnation code commu- 
nicated to said customer, whether to authorize 
said transaction; and 

means for authorizing said transaction if said 
means for determining determines that said 
transaction is to be authorized. 

21. An automated system for use in authorizing a trans- 
action, said transaction based on a customer Iden- 
tifier associated with a customer, the system com- 
prising: 



a receiver adapted to receive a request to au- 
thorize said transaction, said request including 
said customer identifier; 
means for determining, in response to said re- 

5 quest and based on said customer identifier, 

whether to authorize said transaction; 
a transmitter adapted to communicate to said 
customer a confirmation code for use in com- 
pleting execution of said transaction if said 

10 means for determining determines that said 

transact bn Is to be authorized; 
a receiver adapted to receive a communication 
comprising said confirmation code; ar>d 
means for authorizing said transaction In re- 

15 sponse to said received confirmation code 

rriatching said confirmation code communicat- 
ed to said customer. 

22. A method of processing a transaction, the method 
20 comprising the steps of: 

receiving Information associated with a trans- 
action initiated by an agent of a principal; 
retrieving a profile based on said information 
?5 associated with said transaction; 

comparing at least a portion of said information 
to data included in said profile; and 
In response to said comparison, notifying said 
principal of said transaction. 

30 

23. The method of claim 22 wherein said notifying step 
further Includes the step of transmitting a message 
to said pr'ir>cipal to request approval for the trans> 
action. 

35 

24. The method of claim 23 further comprising the steps 
of: 

receiving an approval signal from said principal; 
40 and 

in response to receiving said approval signal, 
authorizing said transaction. 

25. The method of claim 24 wherein the approval signal 
45 from the principal is transmitted from a paging de- 

vk:e which received the notification in response to 
the comparison. 

26. The method of claim 23 further comprising the steps 
50 of: 

receiving a disapproval signal from said princi- 
pal; and 

in response to receiving said disapproval sig- 
55 nal, invalidating said transaction. 

27. The method of claim 23 further comprising the step 
of invafidating said transaction when no signal is re- 
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ceived from said principal in response to said re- 
quest for approval message. 

28. The method of claim 22 wherein said comparing 
step further includes the step of determining wheth- 
er parameters included in said second subset of in- 
formation exceed threshold values represented by 
said data included in said profile. 

29. A system for processing a transaction, the system 
comprisang: 

a database which receives information associ- 
ated with a transaction initiated by an agent of 
a principal and which stores a profile defined 
by said principal; 

a processor which a) retr ieves said profile from 
said database t>ased on said information asso- 
ciated with said transaction, and b) compares 
at least a portion of said information to data in- 
cluded in said profile; and 
a network over which a notification signal is 
transmitted to said principal in response to said 
comparison. 

30. The system of claim 29 wherein said notification sig- 
nal includes a message requesting approval of the 
transaction. 

31. The system of claim 30 further comprising: 

an end-user device from which an approval sig- 
nal is transmitted by said principal to said data- 
base; and 

means responsive to receiving said approval 
signal at said database, for authorizing said 
transaction. 

32. The system of claim 31 further comprising a paging 
device which a) receives the notification signal m 
response to the comparison, cind b) transmits the 
approval signal from the principal. 

33. The system of claim 30 further comprising: 

an end-user device from which a disapproval 
signal is transmitted by said principal to said da- 
tabase; and 

mear>s responsive to receiving said disapprov- 
al signal at said database, for invalidating said 
transaction. 

34. The system of claim 30 further comprising means 
for invalidating said transaction when no signal is 
received from said principal in response to said re- 
quest for approval message. 

35. The system of claim 29 wherein said processor fur- 



ther includes means for determining whether pa- 
rameters included in said second subset of informa- 
tion exceed threshold values represented by said 
data included in said prc^ile. 
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